docs: refresh platforms table, cert var names, and last-month additions#145
docs: refresh platforms table, cert var names, and last-month additions#145
Conversation
Pull docs back into sync with what the roles actually do after the last month of merges. Three classes of fix: Platform table in the introduction page still listed Debian 11 and RHEL 8 and was missing Ubuntu 26.04. That table is supposed to mirror roles/elasticsearch/meta/main.yml — now does. The external-cert example in the deployment how-to referenced variables that don't exist: kibana_tls_cert/key/ca, elasticsearch_*_tls_cert, the non-existent elasticsearch_http_tls_ca and elasticsearch_transport_tls_ca, and elasticsearch_tls_cacerts in a tip. Anyone copy-pasting the example was getting a silent no-op. Swapped to the real names (kibana_tls_certificate_file, elasticsearch_*_tls_certificate, elasticsearch_tls_ca_certificate). Added reference sections for the two variable families that landed recently without docs: the elasticsearch_config_restart_strategy family from the rolling-config-restart work, and elasticsearch_os_tuning from the sysctl/THP tuning work. Also rewrote the Handler guards section — it described a single handler with four guards, but the handler is now split into direct/rolling dispatch paths with five guard conditions each (the ansible_check_mode guard had been omitted too).
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 45 minutes and 46 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughDocumentation updates across three areas: TLS certificate configuration keys are renamed for Kibana and Elasticsearch, supported platform versions are adjusted for Debian, Ubuntu, and Rocky Linux/RHEL, and new documentation covers configuration-driven Elasticsearch restart strategies and OS-level tuning behavior. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/how-to/deployment.md`:
- Around line 81-82: The docs still reference the wrong variable name: replace
the incorrect kibana_tls_key_passphrase with the actual role variable
kibana_tls_certificate_passphrase in the optional passphrase example so users
copying the snippet will use the real variable; update the comment line and any
occurrences of kibana_tls_key_passphrase to kibana_tls_certificate_passphrase to
prevent silent no-op behavior.
In `@docs/reference/elasticsearch.md`:
- Line 533: Update the sentence describing when the Kibana restart is skipped to
mention both CA renewal and the `elasticstack_ca_will_expire_soon` condition;
change the line that currently says "The Kibana restart is skipped during CA
renewal." to include that the restart is also skipped when
`elasticstack_ca_will_expire_soon` is true (and keep the existing
`elasticstack_full_stack` context and meaning intact).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 8f14483e-cbfa-4fa4-9ca9-35115a95181f
📒 Files selected for processing (3)
docs/how-to/deployment.mddocs/introduction/index.mddocs/reference/elasticsearch.md
…rt skip Two findings from the review on #145: The external-cert Kibana example in the deployment how-to still showed kibana_tls_key_passphrase, but that variable belongs to the role-generated (elasticstack_ca source) cert flow. The external-cert path uses kibana_tls_certificate_passphrase per the defaults annotation. Other occurrences of kibana_tls_key_passphrase in docs are all in role-managed-cert contexts where they're correct, so only this one line needed the swap. Handler-guards section only mentioned CA-renewal as the Kibana restart skip condition. The handler actually skips on both the renew_ca tag and elasticstack_ca_will_expire_soon — both are in roles/elasticsearch/handlers/main.yml. Updated to mention both and why (those paths coordinate their own Kibana restart).
1 participant
A sweep to pull the docs back in line with what the roles actually do after the last month of merges. Three classes of fix.
The supported-platforms table in the introduction page still listed Debian 11 Bullseye and RHEL 8, and was missing Ubuntu 26.04. That table is meant to mirror `roles/elasticsearch/meta/main.yml` (EL 9/10, Debian bookworm/trixie, Ubuntu jammy/noble/resolute) — now does. The other two platform references in docs were already correct.
The external-cert examples in `docs/how-to/deployment.md` referenced variables that don't exist in the roles: `kibana_tls_cert`/`_key`/`_ca`, `elasticsearch_http_tls_cert`/`_ca`, `elasticsearch_transport_tls_cert`/`ca`, and `elasticsearch_tls_cacerts` in the tip callout. Anyone copy-pasting that block was silently getting defaults. Fixed to the real names: `kibana_tls_certificate_file` family, `elasticsearch{http,transport}_tls_certificate`, and the single shared `elasticsearch_tls_ca_certificate` (the per-layer `_ca` variants never existed).
Two variable families landed recently without any docs coverage:
While there I also rewrote the "Handler guards" section. It described a single monolithic handler with four guards, but #137 split it into a direct/rolling dispatch with five guard conditions per handler (the `ansible_check_mode` guard had been missing from the list entirely).
Skipped from the audit: a couple of cosmetic inconsistencies (codenames vs version numbers between getting-started and introduction pages), a redundant mention of `virtualization_type` in two adjacent operational-notes sections (they cover different things), and a request for more examples on `elasticsearch_http_ssl_keystore_path`. Happy to do any of those as follow-ups if you disagree.
Summary by CodeRabbit